Re: OpenBSD 5.1 i386- ports vs packages
2012/5/7 Dimitry T : > P.S Is there any changes in performance if change in kernel conf i386 to > i686? > "Some reasons why you should not build a custom kernel: > > You do not need to, normally. > You will not get a faster system." > > Can this applies to my question? Why don't you spend 15 minutes and build two kernels and spend an hour making measurements for your environment and report on the results? If you can't build kernels, then the question is moot anyhow, if you can build kernels, then do it. Apply science and get your answer. Oh, and if you figure it became 0.15% faster at doing $Someting, then do the math of "if I gain 0.15%, for how long do I need to run with this new kernel doing that $Something to regain the time spent thinking about -fzomg-opts, thinking about i386/i686 options in the conf, mailing about kernel settings. waiting for the replies, doing jjs suggested builds and tests". Especially important to get that number right before its time to update the kernel since you get to redo the odd unsupported build again. Seeing how you will not get help for unsupported setups, you may also want to add whatever time it takes you to figure out that a random crash one day may in fact have been caused by odd compiler flags which made gcc use less tested codepaths. How many percents worth is such a crash measured in? -- To our sweethearts and wives. May they never meet. -- 19th century toast
Re: Question regarding IPsec HMAC-SHA2 incompatibility after OpenBSD 4.6
Thanks, I will lock at that =) Best regards Johan 2012/5/12 Christian Weisgerber : > Johan Ryberg wrote: > >> I found this information that seems very interesting: >> http://www.openbsd.org/faq/upgrade47.html#hmac-sha2 > >> ike esp from 192.168.1.1 to 10.0.0.17 peer 192.168.10.1 psk mekmitasdigoat >> >> The man page of ipsec.conf says that hmac-sha1, aes, and modp1024 is >> used as mode auth algorithm enc algorithm group group if omitted > > In "main mode", which is just the initial IKE negotiation part. > Actual traffic is passed in "quick mode", which defaults to > hmac-sha2-256 and aes. > > You can also use ipsecctl -nvf /etc/ipsec.conf to look at the > expanded rules, or ipsecctl -ss to look at the parameters used by > the currently active security associations. No need to guess. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de
Re: a live cd/dvd?
Booting single user on Linux would be a better solution than a livecd too. On May 13, 2012 4:37 AM, "Nick Holland" wrote: > On 05/12/12 14:16, Tyler Morgan wrote: > > On 5/11/2012 8:48 PM, Nick Holland wrote: > >> I suspect the interest in [an OpenBSD Live CD] > >> is rapidly approaching zero. Its a concept who's time has come...and > >> gone, I think. Five or six years ago, yeah...cool. Today...why?. A > >> live CD gives you a very rigid, predefined read-only environment. I > >> think a much more useful tool these days is a USB flash drive -- they > >> are smaller than a CD, more rugged, and probably run on more modern > >> systems than CDs do (I say that with some uncertainty -- some modern > >> computers come with no DVD, virtually all come with USB ports, but some > >> have broken BIOSs). > > > > While I generally agree a USB-based installation of whatever OS you > > prefer is a great solution to many tasks, I don't feel this description > > of a modern live CD environment is completely accurate. > > > > Before I went home on Friday, one of our not-production, local office > > machines needed some more room in its root filesystem so I booted into > > an Ubuntu live CD (11.04, I believe), manually brought up eth0, created > > and setup resolv.conf, apt-get installed lvm2 via network, and used the > > necessary tools to extend an LVM-based ext3 filesystem. Why did I do it > > that way? Because I had done it that way before without any problems, > > the CD was on the bench, the drive was available, it took about 20 > > minutes start to finish, and it effectively accomplished the task. > > With OpenBSD, you do that kinda stuff by either bringing up the system > in single user mode or with bsd.rd, booted from either the standard file > system or standard boot cd. You don't need/want a "live cd". And it > won't take you 20 minutes, unless you need to fsck a really big file > system, which is something you generally shouldn't need to do from > single user mode or bsd.rd. > > Of course, you could do it with a USB flash drive, too, but that's all > the hard way. As is using a Live CD under Unix, problem is, they don't > provide you an "easy" way...so everyone is stuck singing the praises of > an overly complex solution that hauled your butt out of the fire... > hm...Stockholm Syndrome in the IT departments -- singing the praises of > clumsy tools that shouldn't need to exist to get you out of situations > you shouldn't have had to been in in the first place! > > > At no point did I have to jump through any hoops like remounting > > something read/write. It was simply a usable Linux environment. I'm sure > > it had limitations that I do not know about and did not run into, but, > > respectfully (and rhetorically), what about that is "pre-defined" and > > "rigid"? > > It's a CD_ROM_. Read Only Memory. That is, pretty much by definition, > "pre-defined" and "rigid". ok, the person who put your Ubuntu live CD > together gave you the tools you needed, and you downloaded some more to > something other than the CD (either local file system or memory file > system). But compared to a USB flash disk...you can load the tools on > the flash, leaving your local file systems untouched, and without the > memory cost of a memory file system. > > And yes, you can cram a lot of useful tools in a 700k CD, but not ALL > useful tools. You can cram a lot more into a DVD, but not all computers > have DVD drives on them (ok, that's a weak argument, as most machines > that don't have DVD drives won't boot from a USB stick either). And, > you still have a very finite space... However, 8GB flash drives are > getting pretty cheap, you can put whatever _you_ want on one. No matter > how you look at it, a boot flash drive will be more flexible, as you can > make it as you want it, and adjust it afterwards. > > > To digress a little further, one day I was talking to our small-ish, > > local hardware vendor and he said he should charge to remove DVD drives > > from rack-mounted servers because he gets them back to have the drives > > put back in so often, and I wasn't sure if he was kidding or not. USB is > > great but, like you say, some BIOSes are broken and the death of the > > CD/DVD isn't upon us quite yet. I mean, look at OpenBSD's seemingly > > adamant support for floppy-based systems. > > I'm not sure how that connects to the topic at hand. > We aren't talking about removing CD/DVD drives from servers or dropping > support of OpenBSD CD (or floppy) install processes...we are talking > about creating special "Live CDs" (which are not currently generated or > supported by the project, and I have heard ZERO interest in creating > such a thing as part of the project) vs. full, normal installs of > OpenBSD on flash disks (which are completely normal, and thus fully > supported). btw: as USB ports are not as impacted by dust and age as > CDs and DVDs are, in five or so years, today's server might be more > likely to boot
Re: Question regarding IPsec HMAC-SHA2 incompatibility after OpenBSD 4.6
One problem still exist I got this error message now from the OpenBSD 3.8 machine 125755.190614 Default responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id c0a80100/ff00: 192.168.1.0/255.255.255.0, responder id c0a80300/ff00: 192.168.3.0/255.255.255.0 OpenBSD 5.1 says: 130447.536284 Default transport_send_messages: giving up on exchange from-192.168.1.0/24-to-192.168.3.0/24, no response from peer 10.0.0.4:500 The config looks like OpenBSD 3.8 ike esp from 192.168.3.0/24 to 192.168.1.0/24 peer 10.0.0.2 \ quick auth hmac-md5 enc aes OpenBSD 5.1 ke esp from 192.168.1.0/24 to 192.168.3.0/24 peer 10.0.0.4 \ main auth hmac-sha1 enc 3des \ quick auth hmac-md5 enc aes group none OpenBSD 3.8 # ipsecctl -nvf /etc/ipsec.conf C set [peer-10.0.0.2]:Phase=1 force C set [peer-10.0.0.2]:Address=10.0.0.2 force C set [IPsec-192.168.3.0/24-192.168.1.0/24]:Phase=2 force C set [IPsec-192.168.3.0/24-192.168.1.0/24]:ISAKMP-peer=peer-10.0.0.2 force C set [IPsec-192.168.3.0/24-192.168.1.0/24]:Configuration=qm-192.168.3.0/24-192.168 .1.0/24 force C set [IPsec-192.168.3.0/24-192.168.1.0/24]:Local-ID=lid-192.168.3.0/24 force C set [IPsec-192.168.3.0/24-192.168.1.0/24]:Remote-ID=rid-192.168.1.0/24 force C set [qm-192.168.3.0/24-192.168.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [qm-192.168.3.0/24-192.168.1.0/24]:Suites=QM-ESP-AES-MD5-PFS-SUITE force C set [lid-192.168.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [lid-192.168.3.0/24]:Network=192.168.3.0 force C set [lid-192.168.3.0/24]:Netmask=255.255.255.0 force C set [rid-192.168.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [rid-192.168.1.0/24]:Network=192.168.1.0 force C set [rid-192.168.1.0/24]:Netmask=255.255.255.0 force t IPsec-192.168.3.0/24-192.168.1.0/24 c IPsec-192.168.3.0/24-192.168.1.0/24 # ipsecctl -ss esp from 10.0.0.2 to 10.0.0.4 spi 0x8efb6582 aes hmac-md5 tunnel esp from 10.0.0.4 to 10.0.0.2 spi 0x1ba68989 aes hmac-md5 tunnel OpenBSD 5.1 # ipsecctl -nvf /etc/ipsec.conf C set [Phase 1]:10.0.0.4=peer-10.0.0.4 force C set [peer-10.0.0.4]:Phase=1 force C set [peer-10.0.0.4]:Address=10.0.0.4 force C set [peer-10.0.0.4]:Configuration=phase1-peer-10.0.0.4 force C set [phase1-peer-10.0.0.4]:EXCHANGE_TYPE=ID_PROT force C add [phase1-peer-10.0.0.4]:Transforms=3DES-SHA-RSA_SIG force C set [from-192.168.1.0/24-to-192.168.3.0/24]:Phase=2 force C set [from-192.168.1.0/24-to-192.168.3.0/24]:ISAKMP-peer=peer-10.0.0.4 force C set [from-192.168.1.0/24-to-192.168.3.0/24]:Configuration=phase2-from-192.168.1.0 /24-to-192.168.3.0/24 force C set [from-192.168.1.0/24-to-192.168.3.0/24]:Local-ID=from-192.168.1.0/24 force C set [from-192.168.1.0/24-to-192.168.3.0/24]:Remote-ID=to-192.168.3.0/24 force C set [phase2-from-192.168.1.0/24-to-192.168.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [phase2-from-192.168.1.0/24-to-192.168.3.0/24]:Suites=QM-ESP-AES-MD5-SUITE force C set [from-192.168.1.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [from-192.168.1.0/24]:Network=192.168.1.0 force C set [from-192.168.1.0/24]:Netmask=255.255.255.0 force C set [to-192.168.3.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [to-192.168.3.0/24]:Network=192.168.3.0 force C set [to-192.168.3.0/24]:Netmask=255.255.255.0 force C add [Phase 2]:Connections=from-192.168.1.0/24-to-192.168.3.0/24 # ipsecctl -ss esp tunnel from 10.0.0.4 to 10.0.0.2 spi 0x1ba68989 auth hmac-md5 enc aes esp tunnel from 10.0.0.2 to 10.0.0.4 spi 0x8efb6582 auth hmac-md5 enc aes I think it's something how the IDs is used 3.8 C set [IPsec-192.168.3.0/24-192.168.1.0/24]:Local-ID=lid-192.168.3.0/24 force C set [IPsec-192.168.3.0/24-192.168.1.0/24]:Remote-ID=rid-192.168.1.0/24 force 5.1 C set [from-192.168.1.0/24-to-192.168.3.0/24]:Local-ID=from-192.168.1.0/24 force C set [from-192.168.1.0/24-to-192.168.3.0/24]:Remote-ID=to-192.168.3.0/24 force The difference is lid- and from-, rid- and to- between the versions. How do I alter that? Best regards Johan Ryberg 2012/5/13 Johan Ryberg : > Thanks, I will lock at that =) > > Best regards Johan > > 2012/5/12 Christian Weisgerber : >> Johan Ryberg wrote: >> >>> I found this information that seems very interesting: >>> http://www.openbsd.org/faq/upgrade47.html#hmac-sha2 >> >>> ike esp from 192.168.1.1 to 10.0.0.17 peer 192.168.10.1 psk mekmitasdigoat >>> >>> The man page of ipsec.conf says that hmac-sha1, aes, and modp1024 is >>> used as mode auth algorithm enc algorithm group group if omitted >> >> In "main mode", which is just the initial IKE negotiation part. >> Actual traffic is passed in "quick mode", which defaults to >> hmac-sha2-256 and aes. >> >> You can also use ipsecctl -nvf /etc/ipsec.conf to look at the >> expanded rules, or ipsecctl -ss to look at the parameters used by >> the currently active security associations. No need to guess. >> >> -- >> Christian "naddy" Weisgerber na...@mips.inka.de
Re: mdoc(7) macros
On Sat, May 12, 2012 at 08:26:28PM +0200, Jan Stary wrote: > I have just written my first manpage using the mdoc(7) syntax, > and I have two questions. > > (1) .Bd > By default, a display block is _preceded_ by a vertical space. > Why is it that a vertical space is not also rendered _after_ > the display block? Because then you would have to fix every existing mandoc page in existence. I don't know if there ever was a rationale for that one.
Re: Odd PMTU issue on ipsec tunnel
Hi, nobody an idea? I have the same problem. Currently I set the MTU of the internal networks to 1200. It's a workaround but actually it wastes a lot of bandwith. But without this the MTU of the VPN traffic falls down to something around 550 and that's really bad :-( Thanks Matthias Vey Am 11.05.2012 um 23:06 schrieb Carlos Flor : > I have an openbsd 5.1-release box configured with an ipsec vpn to another > identical openbsd machine. I am trying to test PMTU discovery by sending > packets, both TCP and UDP, with the DF bit set. I get an ICMP Unreachable > - Fragmentation needed packet as expected, however the "Next-Hop MTU:" > field is set to 0. The RFC says this should never be below 68. I am > wondering if the issue is related to the fact that you can no longer set an > MTU on enc0 (the ipsec tunnel interface). My first question is why am I > getting 0 as the next-hop mtu? Secondly, why can I no longer set an MTU > for my enc0 interface (when I try with ifconfig, I get : SIOCSIFMTU: > Inappropriate ioctl for device)? > > Thanks.
Song copyright
Hello, I'd like to have in background of some video one of OpenBSD songs. Is this ok with regard to right ? Thanks
Re: mdoc(7) macros
On May 13 12:02:34, Marc Espie wrote: > On Sat, May 12, 2012 at 08:26:28PM +0200, Jan Stary wrote: > > I have just written my first manpage using the mdoc(7) syntax, > > and I have two questions. > > > > (1) .Bd > > By default, a display block is _preceded_ by a vertical space. > > Why is it that a vertical space is not also rendered _after_ > > the display block? > > Because then you would have to fix every existing mandoc page in > existence. > > I don't know if there ever was a rationale for that one. Well, that's what I had in mind actually: what is the rationale for putting a space before but not after. So that mandoc does it like this to stay backwards compatible with roff(7) which does it like this?
Re: mdoc(7) macros
On Sat, May 12, 2012 at 08:26:28PM +0200, Jan Stary wrote: > I have just written my first manpage using the mdoc(7) syntax, > and I have two questions. > > (1) .Bd > By default, a display block is _preceded_ by a vertical space. > Why is it that a vertical space is not also rendered _after_ > the display block? > it is easy to turn off the vertical space before a display (use -compact), but perhaps the logic to have optional vertical space after the display was too convoluted. as long as you have the option, it is not really important. > (2) .Ex > "The ... utility exits 0 on succes, and >0 if an error occurs." > I am not a native speaker, so I might easily be wrong, but > to "exit 0" (or generaly to "exit something") doesn't seem > to be the proper wording for what is meant here, i.e. > "exit with a code of 0" > > Jan > it's fine. jmc
Re: a live cd/dvd?
[lots of text snipped] I was looking at laptops recently. I took 2 linux CDs, an OpenBSD install CD, and a USB stick with OpenBSD on it. I got a lot more useful information about hardware compatibility from the OpenBSDs than the Linux CDs because OpenBSD didn't try to bring up anything graphical at the beginning. The tools on the OpenBSD install disk were (just barely) sufficient to do what I needed. I didn't use the stick because the USB ports on the store systems weren't easily accessible. I've also rescued unbootable systems with the OpenBSD install disk. "Live CDs" take forever to boot and run because seeking on a CD is very slow. The install CD came up a great deal faster because it didn't try to set up a fancy environment. If one really wanted to make an OpenBSD live DVD, one might (this has *not* been tested): Install onto a clean disk with everything on one partition. Add 2 entries to / (/mem_var, /mem_etc) Add 3 entries to /dev for memory file systems. Edit /etc/fstab to point /tmp, /var, and /etc to those. Add some code to the beginning of /etc/rc to: create the 3 memory file systems mount /mem_etc and /mem_var copy /etc to one and /var to another unmount the copies Create a DVD with a boot sector from the above. Presumably one could write a script to do this procedure and apply it to any release. I don't intend to write such a script. Someone who wanted to do this would need to know the purpose of /etc/rc and shell programming. That person would not need to know any kernel internals. All the necessary tools have sufficient manual pages. I'm quite sure I missed something. init should continue to read the buried /etc/rc... or at least about 40 releases ago that's what would happen. This begs the questions of networking, setting up X, etc. This doesn't rate a FAQ entry. It does show "you can do this with the tools supplied and it's not rocket science".
Re: Song copyright
On Sun, May 13, 2012 at 12:50:36PM +0200, JFS wrote: > Hello, > > I'd like to have in background of some video one of OpenBSD songs. > Is this ok with regard to right ? > > Thanks > I doubt it. Not sure which of Theo or Ty hold the song copyrights, but they would probably need to give you explicit permission. Ken
stresstest + safest crashlog?
I've had a bunch of crashes freezing one PC to such an extent I couldn't recover any log, switch tty, ssh from outside and the machine has no serial port. What's the surest way to get a crashlog? syslog to a 2nd PC, a USB key with log-cow, buy a PCI serial port card? Is there a stress script that can be run on a crashtest dummy PC? thx, -- p
Re: OpenBSD 5.1 i386- ports vs packages
On Mon, May 07, 2012 at 05:53:11PM +, Dimitry T wrote: > P.S Is there any changes in performance if change in kernel conf i386 to > i686? Are you asking if you put into your kernel config file machine i686 ... that you'll see increased performance? There's no such thing as "machine i686". You said you're new to OpenBSD so let me explain. i386 refers to the architecture, e.g. 32-bit x86 machines. It supports all x86 machines from the 486 to the Xeon; see the list here: http://www.openbsd.org/i386.html The kernel doesn't think your machine has a 386 CPU. Type this and see for yourself: $ dmesg | grep ^cpu You'll get the best performance by leaving the kernel alone and instead running better software, e.g. a light window manager instead of Gnome, xxxterm instead of Firefox, etc. Nicolai
Re: a live cd/dvd?
ok, thats a bunch of information. However, for me, its the same as rocket science as I am totally blind and would require sighted assistance just to get it to either install a network card, or port to USB/Serial. Unlike the rest of you, using a computer with little or no accessibility on boot-up is immeasurably harder. even porting to a braille display device is not straight forward. all I want is a way to make/execute a script to do the installation unattended or port to an interface that can be read with another machine with speech/braille already running. then again, it appears that it may be easier to get a $200 interface device that acts as the screen to the machine and outputs to either a network interface or a serial port. unfortunately, most blind folks cannot afford this, so having a stand-alone installer with speech or braille would be very helpful. -eric On May 13, 2012, at 8:14 AM, Geoff Steckel wrote: > [lots of text snipped] > I was looking at laptops recently. I took 2 linux CDs, an OpenBSD install CD, > and a USB stick with OpenBSD on it. > > I got a lot more useful information about hardware compatibility from > the OpenBSDs than the Linux CDs because OpenBSD didn't try to bring up > anything graphical at the beginning. > > The tools on the OpenBSD install disk were (just barely) sufficient > to do what I needed. I didn't use the stick because the USB ports on the > store systems weren't easily accessible. > > I've also rescued unbootable systems with the OpenBSD install disk. > > "Live CDs" take forever to boot and run because seeking on a CD is very slow. > The install CD came up a great deal faster because it didn't try to set up > a fancy environment. > > If one really wanted to make an OpenBSD live DVD, one might (this has *not* been tested): > > Install onto a clean disk with everything on one partition. > Add 2 entries to / (/mem_var, /mem_etc) > Add 3 entries to /dev for memory file systems. > Edit /etc/fstab to point /tmp, /var, and /etc to those. > Add some code to the beginning of /etc/rc to: > create the 3 memory file systems > mount /mem_etc and /mem_var > copy /etc to one and /var to another > unmount the copies > > Create a DVD with a boot sector from the above. > > Presumably one could write a script to do this procedure and apply it to any release. > > I don't intend to write such a script. Someone who wanted to do this would > need to know the purpose of /etc/rc and shell programming. > That person would not need to know any kernel internals. > All the necessary tools have sufficient manual pages. > > I'm quite sure I missed something. init should continue to read the buried > /etc/rc... or at least about 40 releases ago that's what would happen. > > This begs the questions of networking, setting up X, etc. > > This doesn't rate a FAQ entry. It does show "you can do this with the tools > supplied and it's not rocket science".
Re: a live cd/dvd?
> Eric Oyen wrote: > all I want is a way to make/execute a script to do the installation > unattended. I think this can be done pretty easy once you figured out what options you do need for your specific installation by removing the code that ask for options - or forcing the defaults by tricking the install script that you have pressed the Enter key, if the defaults are ok for you. It's very clear that impaired people need some modification in the hardware/software, but this implies another effort from the developers. The resources are scarce anyway and you need support in daily system usage too, which is of a greater importance, I think.
Re: stresstest + safest crashlog?
On Sun, May 13, 2012 at 05:47:55PM +0200, Petah wrote: > I've had a bunch of crashes freezing one PC to such an extent I > couldn't recover any log, switch tty, ssh from outside and the machine > has no serial port. > > What's the surest way to get a crashlog? syslog to a 2nd PC, a USB key > with log-cow, buy a PCI serial port card? If you can exit to ddb, the extraction of information (dmesg, panic, etc) is easy. man 8 crash man 4 ddb man 8 savecore Cheers. -- Juan Francisco Cantero Hurtado http://juanfra.info
carp mixed states
hi all have configured two firewalls with carp i have connectivity to the internet and the firewalls failover properly. when i check the carp states of each firewall the slave reports that its wan connection is in the master state the same as the master firewall while the slave carp lan connection is in the backup state. is this normal or should both carps be in backup for the slave ? shadrock master firewall /etc/hostname.carp1 inet 10.5.5.1 255.255.255.0 10.5.5.255 vhid 1 carpdev em1 pass pass1 /etc/hostname.carp2 inet 192.168.5.1 255.255.255.0 192.168.5.255 vhid 2 carpdev em0 pass pass2 /etc/hostname.em0 inet 192.168.5.2 255.255.255.0 /etc/hostname.em1 inet 10.5.5.2 255.255.255.0 NONE /etc/hostname.bge0 inet 172.16.0.2 255.255.255.0 NONE /etc/hostname.pfsync0 up syncdev bge0 ifconfig -a lo0: flags=8049 mtu 33196 priority: 0 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet 127.0.0.1 netmask 0xff00 bge0: flags=8843 mtu 1500 lladdr 00:18:8b:60:7b:06 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause) status: active inet 172.16.0.2 netmask 0xff00 broadcast 172.16.0.255 inet6 fe80::218:8bff:fe60:7b06%bge0 prefixlen 64 scopeid 0x1 em0: flags=8b43 mtu 1500 lladdr 00:04:23:df:6b:a4 priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 192.168.5.2 netmask 0xff00 broadcast 192.168.5.255 inet6 fe80::204:23ff:fedf:6ba4%em0 prefixlen 64 scopeid 0x2 em1: flags=8b43 mtu 1500 lladdr 00:04:23:df:6b:a5 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 10.5.5.2 netmask 0xff00 broadcast 10.5.5.255 inet6 fe80::204:23ff:fedf:6ba5%em1 prefixlen 64 scopeid 0x3 enc0: flags=41 priority: 0 groups: enc status: active pfsync0: flags=41 mtu 1500 priority: 0 pfsync: syncdev: bge0 maxupd: 128 defer: off groups: carp pfsync pflog0: flags=141 mtu 33196 priority: 0 groups: pflog carp1: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:01 priority: 0 carp: MASTER carpdev em1 vhid 1 advbase 1 advskew 0 groups: carp status: master inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x6 inet 10.5.5.1 netmask 0xff00 broadcast 10.5.5.255 carp2: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:02 priority: 0 carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 0 groups: carp status: master inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x7 inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255 slave firewall /etc/hostname.carp1 inet 10.5.5.1 255.255.255.0 10.5.5.255 vhid 1 carpdev em1 advskew 100 pass pass1 /etc/hostname.carp2 inet 192.168.5.1 255.255.255.0 192.168.5.255 vhid 2 carpdev em0 advskew 100 pass pass2 /etc/hostname.em0 inet 192.168.5.3 255.255.255.0 /etc/hostname.em1 inet 10.5.5.3 255.255.255.0 NONE /etc/hostname.bge0 inet 172.16.0.3 255.255.255.0 NONE /etc/hostname.pfsync0 up syncdev bge0 ifconfig -a lo0: flags=8049 mtu 33196 priority: 0 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet 127.0.0.1 netmask 0xff00 bge0: flags=8843 mtu 1500 lladdr 00:18:8b:6c:4e:85 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 172.16.0.3 netmask 0xff00 broadcast 172.16.0.255 inet6 fe80::218:8bff:fe6c:4e85%bge0 prefixlen 64 scopeid 0x1 em0: flags=8b43 mtu 1500 lladdr 00:04:23:e3:c7:92 priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 192.168.5.3 netmask 0xff00 broadcast 192.168.5.255 inet6 fe80::204:23ff:fee3:c792%em0 prefixlen 64 scopeid 0x2 em1: flags=8b43 mtu 1500 lladdr 00:04:23:e3:c7:93 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 10.5.5.3 netmask 0xff00 broadcast 10.5.5.255 inet6 fe80::204:23ff:fee3:c793%em1 prefixlen 64 scopeid 0x3 enc0: flags=41 priority: 0 groups: enc status: active pfsync0: flags=41 mtu 1500 priority: 0 pfsync: syncdev: bge0 maxupd: 128 defer: off groups: carp pfsync pflog0: flags=141 mtu 33196 priority: 0 groups: pflog carp1: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:01 priority: 0 carp: BACKUP carpdev em1 vhid 1 advbase 1 advskew 100 groups: carp status: backup inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid
Re: a live cd/dvd?
On May 13, 2012, at 12:30 PM, Eric Oyen wrote: > ok, > thats a bunch of information. However, for me, its the same as rocket science > as I am totally blind and would require sighted assistance just to get it to > either install a network card, or port to USB/Serial. Unlike the rest of you, > using a computer with little or no accessibility on boot-up is immeasurably > harder. even porting to a braille display device is not straight forward. all > I want is a way to make/execute a script to do the installation unattended or > port to an interface that can be read with another machine with speech/braille > already running. > > then again, it appears that it may be easier to get a $200 interface device > that acts as the screen to the machine and outputs to either a network > interface or a serial port. unfortunately, most blind folks cannot afford > this, so having a stand-alone installer with speech or braille would be very > helpful. > > -eric I believe I may have already replied somewhere about this, but I figger why not, just for safe. When I install my firewalls, I use a digi ts-2 (well, not a ts-4, since when last I ordered a ts-2 I got a ts-4). They can be had cheap on ebay: http://www.ebay.com/itm/Digi-Portserver-TS-2-w-power-supply-Tested-Good-/1607 85148926 Of course, this is predicated on having an RS-232 interface (which the Alix boards I use, and the Suns, have). The beauty (and the ensuing security implications) are that you can telnet to this box from ANYTHING and get to the console of the device (be it a Sun or an Alix board, or whatever) and get just straight text out of it. Needless to say (and I realized I should say it), you don't put the TS on your DMZ, and you do secure it (the Digi's do have SSH). To go the completely fee and unattended path requires doing something like installing on a VM or something you can do easily, then building a distribution with your own installer. Most of that is straightforward, even getting the partitioning preconfigured. However, in my experience, it's just simpler to find tools to adapt to the already provided process -- otherwise, you have to do the same thing over and over again to get the same result. Of course, more and move vendors are building RS-232 free systems, and despite USB being a Universal Serial Bus, it is a pain in the ass to get a serial->usb plug working in either direction (drivers drivers drivers. Bah!). I wish you luck in whatever avenue you choose. Sean
Re: stresstest + safest crashlog?
>On May 13 17:47:55, Petah wrote: >> I've had a bunch of crashes freezing one PC to such an extent I couldn't >> recover any log, > >You mean, after a reboot? Ctrl-alt-del won't reboot (pc has no X), I have to keep powerbutton down 5 secs. There's one post-reboot log entry unrelated to the panic message I got on screen; the sys drive is an SSD, which may account for the volatility, panic occured while doing a chrooted rsync on the 2nd HDD. Keyboard input seems flaky, tried a bunch. >If you can exit to ddb, the extraction of information (dmesg, panic, >etc) is easy. > >man 8 crash >man 4 ddb >man 8 savecore thx I'll check those, -- p > >> switch tty, ssh from outside and the machine has no serial port. >> >> What's the surest way to get a crashlog? syslog to a 2nd PC, a USB key with >> log-cow, buy a PCI serial port card? >> >> Is there a stress script that can be run on a crashtest dummy PC? >> >> thx, >> >> -- p
Acciones Legales de Empleados, Evite demandas!
[IMAGE] ?Qui hacer ante avisos y notificaciones? ?Csmo establecer mitricas apropiadas de prevencisn?. Taller de Acciones Preventivas contra las Demandas Laborales 23 de Mayo, Cd. de Mixico. Debemos tomar en cuenta que una demanda es el inicio de un juicio laboral, la cual se dirige a los miembros de la junta especial de conciliacisn y arbitraje, ya sea local o federal, en donde el trabajador quien normalmente es quien promueve, manifiesta su inconformidad con su patrsn por la vma legal, todo esto representa una gran pirdida de tiempo y de recursos, este programa desarrolla mecanismos de prevencisn y proteccisn de su empresa u organizacisn. Aprenda a ejecutar acciones contundentes en esta materia. Si esta informacisn no compete a su area y la considera de valor le agradecemos compartirla. !Reciba la informacisn completa! Por favor responda este e-mail con los datos siguientes Empresa Nombre Telifono Email Nzmero de Interesados En breve recibira temario, reseqa de expositor y tarifas. Pms Capacitacisn Efectiva de Mixico es una empresa Registrada ante la STPS Trabajamos con expertos en la materia para poder brindar herramientas tacticas, vanguardistas y de facil aplicacisn. 100% Garantma de Satisfaccisn. Si lo prefiere comunmquese a los telifonos donde con gusto uno de nuestros ejecutivos le atendera. Telifonos: (0133) 8851-2365, (0133) 8851-2741 con mas de 10 lmneas. Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. ALTO, si en esta ocasisn la informacisn recibida no fue de su interis pero desea recibir informacisn personalizada en relacisn a otros temas favor de indicarlo. Si usted ha recibido este mensaje por error, haga caso omiso de el y de antemano una sincera disculpa por la molestia, reporte su cuenta respondiendo este correo con el subject BAJADMD Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJADMD Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia para nosotros y no es intencisn de la empresa la inconformidad del receptor, nuestra intencisn es promover herramientas de utilidad para el [demime 1.01d removed an attachment of type image/jpeg which had a name of image001.jpg]
Re: a live cd/dvd?
Thanks. already looking into it. I may have to figure out how to include a screen reader to work in this. there are 2 ways: using ORCA in the Gnome desktop environment (or XFCE) or a console based screenreader (speakup works, but requires a lot of modifications to get it running). ORCA on an X desktop is a bit easier (I use it in Linux) and only requires an accessible GTK interface and python (there are a few other dependencies as well). anyway, its up to me to see if I can do this (though having help would certainly be appreciated). -eric On May 13, 2012, at 5:36 PM, hvom .org wrote: > Hi > > "LiveCD" on the unofficial openbsd : > > http://livecd-openbsd.sourceforge.net/ > > http://kaw.ath.cx/openbsd/?en/LiveCD > > > > 2012/5/12, Eric Oyen : >> hello everyone. >> >> I was thinking that if we had a live image (A full running system) with an >> installer, we could have easier installations for the blind (and others as >> well). Now, some systems have the ability to port the screen to a local >> serial >> port (these are getting rare in modern commodity systems) and there are a >> couple of screen device options that will allow either screen->console >> output >> or screen->network. these, however, are fairly expensive solutions. >> >> I even suggested this to an interviewer from the conference happening in >> canada today. Now, I do understand that making OpenBSD capable of this >> might >> entail a lot of development work. >> >> now, some linux projects (like OpenSUSE, Ubuntu and Vinux) can operate as a >> live dvd (and in the case of Vinux, even the installer is fully accessible) >> but OpenBSD isn't Linux. However, this type of installation system could >> prove >> to be very powerful as hardware detection and settings could be made before >> running the installation script. >> >> Oh, and Theo, I would understand if you find this idea a little far >> fetched. >> Still, all I request is that you and your team give it a look-see. I am >> still looking at using the custom scripting project to perform an install, >> but >> have run into a couple of snags dealing with some of the variables that >> need >> to be passed to the installer (I know, I know, read some more). >> >> anyway, take a look and see if this idea is doable. There are a lot of >> blind >> people like me that want something more secure than windows and easier to >> work. >> >> Let me know what you guys think. >> >> btw, as an afterthought, I should mention that I am using OpenBSD 5.0 with >> Speakup as the console screen reader. This system is my household firewall >> and >> internal DNS. >> >> -eric
You Have One Unread Message
Dear ANZ Customer, You Have One Unread MESSAGE on your Account VIEW YOUR MESSAGE Thank you. Copyright Australia and New Zealand Banking Group Limited
Business Leadership Project
Hi There, I am curious if you are the person responsible for adding content to the following page: monkey.org/openbsd/archive/misc/0004/msg00833.html If not, feel free to forward me on to the correct person! I came across your page during my research for a project for which I am contributor. It is a resource primarily aimed at business professionals and those with an interest in the business world. It provides a comprehensive overview of various business sectors, issues, and educational avenues. It also takes a critical look at how online education platforms are educating future business leaders. I would love to send over more details about this project, and partner with you to have it listed as a resource link on your site. Let me know! Thanks for your time. I look forward to working with you! Bethenny Time is the scarcest resource and unless it is managed nothing else can be managed. Peter Drucker
